End User License Agreement
Version 0.3 — Effective March 16, 2026
1. Definitions
"Agreement" means this End-User License Agreement, together with any Order Form(s), addenda, or exhibits incorporated by reference.
"CaladanAI" or "the Platform" means the CaladanAI cloud-based software-as-a-service platform, including all modules (TrialCast, VendorCast, RunwayMap, AccrualAlign, BoardReady, CaladanCore), features, updates, and documentation made available by Company to Customer.
"Company" means CaladanAI, Inc.
"Customer" means the organization that enters into an Order Form with Company to access the Platform.
"Authorized Users" means individuals within Customer's organization who are authorized to access and use the Platform under Customer's subscription.
"Customer Data" means all data, content, configurations, trial estimates, scenarios, financial models, vendor information, and other materials that Customer or its Authorized Users input, upload, create, or generate through use of the Platform.
"Anonymized Data" means Customer Data that has been aggregated, de-identified, and/or anonymized such that it cannot reasonably be used to identify Customer, any Authorized User, or any specific clinical trial, organization, or individual. Anonymized Data is not Customer Data.
"Platform Data" means data generated by the Platform itself, including usage analytics, feature interaction metrics, performance data, system logs, and aggregated operational statistics.
"Order Form" means the ordering document executed by Customer and Company specifying the subscription tier, module access, pricing, and term.
"Subscription Term" means the period during which Customer has paid access to the Platform as specified in the applicable Order Form.
"Effective Date" means the date on which Customer first accesses the Platform or the date specified in the Order Form, whichever is earlier.
"Benchmark-Dependent Features" means Platform features that rely on aggregated Anonymized Data to generate outputs, including but not limited to industry cost benchmarks within TrialCast, enrollment rate comparisons, and site performance metrics. A current list of Benchmark-Dependent Features is maintained at caladan.ai/legal/benchmark-features, which is incorporated by reference. Company shall provide Customer at least thirty (30) days' prior written notice before materially changing the Benchmark Features Page in a manner that would expand the scope of features affected by an opt-out under Section 13.3.
2. License Grant and Restrictions
2.1 License Grant
Subject to the terms of this Agreement and payment of applicable fees, Company grants Customer a limited, non-exclusive, non-transferable, non-sublicensable right to access and use the Platform during the Subscription Term solely for Customer's internal business purposes related to clinical trial financial planning and analysis.
2.2 Subscription Tiers
Access to Platform modules is determined by Customer's subscription tier as specified in the applicable Order Form. Company may offer the following tier structures, which may be modified from time to time:
(a) Organization-based access — access to specified modules for all Authorized Users within Customer's organization.
(b) Usage-based access — access metered by clinical trial, with fees determined by the number of active trials managed on the Platform.
The applicable tier structure and pricing shall be set forth in the Order Form.
2.3 Restrictions
Customer shall not, and shall not permit any Authorized User or third party to:
(a) Copy, modify, adapt, translate, reverse engineer, decompile, disassemble, or create derivative works based on the Platform;
(b) License, sublicense, sell, rent, lease, transfer, assign, distribute, or otherwise make the Platform available to any third party;
(c) Remove, alter, or obscure any proprietary notices, labels, or marks on the Platform;
(d) Use the Platform to build a competitive product or service, or to benchmark the Platform for competitive purposes;
(e) Use the Platform in violation of any applicable law, regulation, or third-party right;
(f) Attempt to gain unauthorized access to the Platform, other customer accounts, or Company's systems or networks;
(g) Introduce viruses, malware, or other harmful code into the Platform;
(h) Use the Platform to store or transmit protected health information (PHI) as defined under HIPAA, personally identifiable patient data, or any data subject to specific regulatory handling requirements not covered by this Agreement;
(i) Exceed the usage limits specified in the applicable Order Form;
(j) Share login credentials between Authorized Users, or allow any individual not designated as an Authorized User to access the Platform.
2.4 Acceptable Use
Customer acknowledges that the Platform is designed for clinical trial financial planning and analysis purposes. Customer is responsible for ensuring that all data entered into the Platform is used in compliance with applicable laws, regulations, and internal policies. The Platform does not process, store, or manage patient-level protected health information.
3. Customer Data Ownership and Rights
3.1 Customer Ownership
Customer retains all right, title, and interest in and to Customer Data. Nothing in this Agreement transfers ownership of Customer Data to Company. Company acquires no rights in Customer Data except the limited rights expressly set forth in this Agreement.
3.2 License to Company for Service Delivery
Customer grants Company a non-exclusive, worldwide, royalty-free license to use, copy, store, transmit, display, and process Customer Data solely as necessary to:
(a) Provide, maintain, and improve the Platform and related services;
(b) Provide technical support to Customer;
(c) Comply with applicable law or valid legal process;
(d) Enforce this Agreement.
3.3 License to Company for Anonymized Data
Customer grants Company a perpetual, irrevocable, non-exclusive, worldwide, royalty-free license to create, use, modify, distribute, and commercially exploit Anonymized Data derived from Customer Data for the following purposes:
(a) Improving, enhancing, and optimizing the Platform and its features;
(b) Developing and publishing industry benchmarks, including but not limited to clinical trial cost benchmarks, enrollment rate benchmarks, and site performance benchmarks;
(c) Training, improving, and validating machine learning models, artificial intelligence systems, and algorithms used within the Platform;
(d) Producing aggregated analytics, reports, and insights for publication or distribution to the broader market.
Transparency. Company shall publish an annual summary describing the categories of benchmarks and aggregate insights derived from Anonymized Data during the preceding twelve (12) months. Such summary shall not identify any Customer or Customer Data.
This license survives termination or expiration of this Agreement. Anonymized Data is not considered Customer Data and is not subject to the data deletion obligations in Section 10.
3.4 Anonymization Standards
Company shall ensure that all Anonymized Data meets the following standards:
(a) Individual Customer organizations cannot be re-identified from the Anonymized Data through reasonable efforts;
(b) Specific clinical trials, compounds, therapeutic areas, or investigational products cannot be attributed to a specific Customer;
(c) Financial figures, vendor names, site names, and other Customer-specific identifiers are removed or generalized;
(d) Anonymization processes are reviewed periodically and updated to reflect evolving industry standards and best practices;
(e) No benchmark or aggregate insight shall be published that is derived from fewer than ten (10) distinct Customer organizations, so as to prevent inferential re-identification of any individual Customer's data.
3.5 Data Portability
Customer may export Customer Data at any time during the Subscription Term using the export functionality available within the Platform. Available export formats are described in the then-current Platform documentation. Upon written request, Company will provide reasonable assistance with bulk data export using Platform-native capabilities, subject to Company's then-current export policies.
3.6 No Sale of Identifiable Customer Data
Company shall not sell, lease, or provide Customer Data in identifiable form to any third party, except as required by law or with Customer's prior written consent. For the avoidance of doubt, the creation and use of Anonymized Data as described in Section 3.3 does not constitute a sale of Customer Data.
4. Intellectual Property
4.1 Company IP
The Platform, including all software, algorithms, models, user interfaces, designs, documentation, benchmarks, and Anonymized Data derived pursuant to Section 3.3, is and shall remain the exclusive property of Company and its licensors. This Agreement does not grant Customer any rights to Company's intellectual property except the limited use license in Section 2.1.
4.2 Customer IP
All intellectual property rights in Customer Data, including trial estimates, financial models, scenario analyses, and other work product created by Customer using the Platform, belong to Customer. Company claims no ownership interest in Customer's work product.
4.3 Feedback
If Customer provides suggestions, ideas, enhancement requests, or other feedback regarding the Platform ("Feedback"), Company may use such Feedback without restriction or obligation to Customer. Customer hereby assigns to Company all right, title, and interest in any Feedback provided.
4.4 AI-Generated Outputs
Certain features of the Platform utilize artificial intelligence and machine learning to generate analyses, forecasts, recommendations, and other outputs ("AI Outputs"). AI Outputs are provided as decision-support tools and do not constitute financial advice, legal advice, or professional consulting. Customer is solely responsible for evaluating, validating, and acting upon AI Outputs.
5. Fees and Payment
5.1 Fees
Customer shall pay the fees specified in the applicable Order Form. Company reserves the right to modify pricing upon renewal with at least sixty (60) days' prior written notice.
5.2 Payment Terms
Unless otherwise specified in the Order Form, all fees are:
(a) Due and payable within thirty (30) days of invoice date;
(b) Non-refundable except as expressly set forth herein;
(c) Exclusive of applicable taxes, which are Customer's responsibility.
5.3 Overdue Payments
Overdue amounts shall accrue interest at the rate of 1.5% per month (or the maximum rate permitted by law, whichever is less). Company may suspend access to the Platform if any invoice remains unpaid for more than thirty (30) days past due, upon ten (10) days' prior written notice to Customer.
5.4 Usage Overage
If Customer's usage exceeds the limits specified in the Order Form (e.g., number of active trials), Company shall notify Customer and invoice for the overage at the then-current per-unit rate. Customer shall pay overage fees within thirty (30) days.
6. Confidentiality
6.1 Definition
"Confidential Information" means any non-public information disclosed by one party ("Discloser") to the other ("Recipient"), whether orally, in writing, or electronically, that is designated as confidential or that a reasonable person would understand to be confidential given the circumstances. Customer Data is Customer's Confidential Information. Company's pricing, technical architecture, proprietary algorithms, and business plans are Company's Confidential Information.
6.2 Obligations
The Recipient shall: (a) use Confidential Information solely for the purposes of this Agreement; (b) protect Confidential Information with at least the same degree of care it uses for its own confidential information, but no less than reasonable care; and (c) not disclose Confidential Information to any third party except employees and contractors with a need to know who are bound by confidentiality obligations at least as protective as these.
6.3 Exclusions
Confidential Information does not include information that: (a) is or becomes publicly available without breach of this Agreement; (b) was known to Recipient prior to disclosure; (c) is independently developed by Recipient without use of Confidential Information; or (d) is received from a third party without restriction. For the avoidance of doubt, Anonymized Data is not Confidential Information of Customer.
6.4 Required Disclosures
Recipient may disclose Confidential Information to the extent required by law, regulation, or valid legal process, provided Recipient gives Discloser prompt written notice (where legally permitted) and cooperates in seeking a protective order.
7. Security and Data Protection
7.1 Security Measures
Company shall implement and maintain commercially reasonable administrative, technical, and physical security measures designed to protect Customer Data against unauthorized access, disclosure, alteration, or destruction. Such measures shall include, at a minimum:
(a) Encryption of Customer Data in transit (TLS 1.2+) and at rest;
(b) Access controls with role-based permissions;
(c) Multi-tenant data isolation at the application and database layers;
(d) Regular security assessments and vulnerability scanning;
(e) Incident response procedures.
7.2 Data Isolation
The Platform employs a multi-tenant architecture with logical data isolation. Customer Data is segmented by organization-level identifiers and access controls to prevent unauthorized access by other customers or unauthorized users.
7.3 Compliance
(a) Company shall comply with all applicable U.S. federal and state data protection laws.
(b) Company is actively pursuing SOC 2 Type II certification. Upon certification, Company will make available a summary report to Customers upon written request under a non-disclosure agreement.
(c) Company does not currently operate in jurisdictions requiring GDPR compliance. Company will notify existing Customers prior to expanding Platform availability to the European Economic Area.
7.4 Sub-Processors
Company uses third-party service providers ("Sub-processors") to assist in providing the Platform. A current list of Sub-processors, including their function and data processing location, is maintained at caladan.ai/legal/sub-processors, which is incorporated by reference. Company shall provide Customer at least thirty (30) days' prior written notice before engaging a new Sub-processor that will process Customer Data. If Customer objects to a new Sub-processor on reasonable data protection grounds, Customer shall notify Company in writing within fifteen (15) days of receiving notice, and the parties shall negotiate in good faith to resolve the objection. If the parties cannot resolve the objection within thirty (30) days, Customer may terminate the affected Order Form without penalty.
7.5 Security Incident Notification
In the event of a confirmed security breach affecting Customer Data, Company shall notify Customer in writing within seventy-two (72) hours of becoming aware of the breach, and shall: (a) describe the nature and scope of the incident; (b) describe the steps taken to mitigate and remediate; and (c) cooperate with Customer's reasonable investigation requests.
7.6 No PHI
The Platform is not designed to process, store, or transmit protected health information (PHI) as defined under HIPAA. Customer shall not input PHI into the Platform. Company is not a Business Associate under HIPAA and does not offer a Business Associate Agreement.
7.7 Data Processing Addendum
Upon request, Company shall enter into a Data Processing Addendum ("DPA") with Customer that supplements this Agreement with additional data processing terms. The DPA, when executed, shall be incorporated into this Agreement by reference. Company's standard DPA is available at caladan.ai/legal/dpa.
8. Representations and Warranties
8.1 Company Warranties
Company represents and warrants that:
(a) The Platform shall perform materially in accordance with the applicable documentation during the Subscription Term;
(b) Company has the authority to enter into this Agreement and to grant the rights set forth herein;
(c) The Platform shall not, at the time of delivery, contain any known viruses, malware, or malicious code;
(d) Company shall provide the Platform in compliance with all applicable laws.
8.2 Customer Warranties
Customer represents and warrants that:
(a) Customer has the authority to enter into this Agreement;
(b) Customer's use of the Platform shall comply with all applicable laws, regulations, and this Agreement;
(c) Customer has all necessary rights to provide Customer Data to Company and to grant the licenses set forth herein;
(d) Customer Data does not and shall not contain PHI, patient-level data, or data that would require Company to be a Business Associate under HIPAA (see Section 7.6).
8.3 Disclaimer
Except as expressly set forth in this Section 8, the Platform is provided "as is" and Company disclaims all other warranties, express, implied, or statutory, including but not limited to warranties of merchantability, fitness for a particular purpose, title, and non-infringement. Company does not warrant that the Platform will be uninterrupted, error-free, or secure.
The Platform provides financial analysis tools and AI-generated forecasts for informational and planning purposes only. Company does not provide financial, legal, or investment advice. Customer is solely responsible for all decisions made based on Platform outputs.
Platform outputs, including cash flow projections, enrollment forecasts, runway analyses, and scenario analyses, are planning tools generated from data provided by Customer and industry benchmarks derived from aggregated Platform data. They are not guarantees of future performance and should not be the sole basis for funding decisions, capital raises, investor communications, or other material financial actions. Results experienced by Customers will vary based on trial design, enrollment conditions, vendor performance, and other factors outside Company's control.
9. Limitation of Liability
9.1 Liability Cap
To the maximum extent permitted by applicable law, Company's total aggregate liability arising out of or related to this Agreement shall not exceed the total fees paid by Customer to Company during the twelve (12) months immediately preceding the event giving rise to the claim.
9.2 Exclusion of Damages
In no event shall either party be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, revenue, data, business opportunities, or goodwill, regardless of the cause of action or the theory of liability, even if such party has been advised of the possibility of such damages.
9.3 Exceptions
The limitations in Sections 9.1 and 9.2 shall not apply to: (a) Customer's payment obligations; (b) either party's breach of Section 6 (Confidentiality); (c) Company's breach of Section 7 (Security and Data Protection); (d) either party's indemnification obligations under Section 11; or (e) liability arising from gross negligence or willful misconduct.
10. Term and Termination
10.1 Term
This Agreement commences on the Effective Date and continues for the initial Subscription Term specified in the Order Form. Unless either party provides written notice of non-renewal at least sixty (60) days before the end of the then-current term, the Agreement shall automatically renew for successive periods equal to the initial Subscription Term at Company's then-current pricing.
10.2 Termination for Cause
Either party may terminate this Agreement upon written notice if:
(a) The other party materially breaches this Agreement and fails to cure within thirty (30) days of written notice; or
(b) The other party becomes subject to bankruptcy, insolvency, or similar proceedings.
10.3 Termination for Convenience
Customer may terminate this Agreement for convenience upon thirty (30) days' prior written notice. Fees paid for the remainder of the Subscription Term are non-refundable unless otherwise specified in the Order Form.
10.4 Effect of Termination
Upon termination or expiration:
(a) Customer's access to the Platform shall cease immediately;
(b) Customer may request export of Customer Data using Platform-native export capabilities within thirty (30) days following termination, in accordance with Section 3.5;
(c) Company shall delete Customer Data within ninety (90) days following termination, except as required by law or as expressly permitted by this Agreement;
(d) Anonymized Data created pursuant to Section 3.3 is not subject to deletion and may be retained and used by Company indefinitely in accordance with the terms of Section 3.3;
(e) Sections 1, 3.3, 3.4, 4, 6, 8.3, 9, 10.4, 11, and 12 shall survive termination.
10.5 Data Retrieval Period
Company shall maintain Customer Data in accessible form for a period of ninety (90) days following the effective date of termination (the "Retrieval Period"). During the Retrieval Period, Customer may request export of Customer Data. After the Retrieval Period, Company shall have no obligation to maintain or provide Customer Data, and may delete all copies in its systems except for Anonymized Data and data retained pursuant to legal requirements.
11. Indemnification
11.1 Company Indemnification
Company shall defend, indemnify, and hold harmless Customer from and against any third-party claims, damages, losses, and expenses (including reasonable attorneys' fees) arising from: (a) Company's breach of its representations and warranties; (b) any claim that the Platform infringes a valid U.S. patent, copyright, or trade secret; or (c) Company's gross negligence or willful misconduct.
11.2 Customer Indemnification
Customer shall defend, indemnify, and hold harmless Company from and against any third-party claims, damages, losses, and expenses (including reasonable attorneys' fees) arising from: (a) Customer's breach of this Agreement; (b) Customer Data or Customer's use of the Platform in violation of law or this Agreement; or (c) any claim that Customer Data infringes a third party's rights.
11.3 Indemnification Procedures
The indemnified party shall: (a) promptly notify the indemnifying party of any claim; (b) grant the indemnifying party sole control of the defense and settlement; and (c) provide reasonable cooperation. The indemnifying party shall not settle any claim in a manner that imposes obligations on the indemnified party without prior written consent.
12. General Provisions
12.1 Governing Law
This Agreement shall be governed by and construed in accordance with the laws of the State of Oregon, without regard to conflict of law principles.
12.2 Dispute Resolution
Any dispute arising out of this Agreement shall first be submitted to good-faith negotiation between senior executives of each party. If not resolved within thirty (30) days of written notice of the dispute, the dispute shall be finally resolved by binding arbitration administered by the American Arbitration Association ("AAA") under its Commercial Arbitration Rules then in effect. The arbitration shall be conducted by a single arbitrator in Portland, Oregon. The arbitrator's award shall be final and binding and may be entered as a judgment in any court of competent jurisdiction. Each party shall bear its own costs and attorneys' fees, unless the arbitrator determines that a party's claim or defense was frivolous, in which case the arbitrator may award reasonable attorneys' fees to the prevailing party. Notwithstanding the foregoing, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to protect its intellectual property rights or Confidential Information.
12.3 Assignment
Neither party may assign this Agreement without the prior written consent of the other party, except that either party may assign this Agreement to a successor in connection with a merger, acquisition, or sale of all or substantially all of its assets.
12.4 Force Majeure
Neither party shall be liable for any failure or delay in performance due to causes beyond its reasonable control, including natural disasters, acts of government, pandemics, war, terrorism, labor disputes, power failures, internet disruptions, or third-party service outages.
12.5 Notices
All notices under this Agreement shall be in writing and delivered by: (a) email to the addresses specified in the Order Form, with confirmation of receipt; or (b) nationally recognized overnight courier. Notices are effective upon confirmed receipt.
12.6 Entire Agreement
This Agreement, together with all Order Forms and exhibits, constitutes the entire agreement between the parties and supersedes all prior and contemporaneous agreements, understandings, and communications. No modification shall be effective unless in writing and signed by both parties.
12.7 Severability
If any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.
12.8 Waiver
Failure to enforce any provision of this Agreement shall not constitute a waiver of that provision or any other provision.
12.9 Independent Contractors
The parties are independent contractors. Nothing in this Agreement creates a partnership, joint venture, agency, or employment relationship.
12.10 Third-Party Beneficiaries
This Agreement does not confer any rights on any third party.
13. Specific Provisions for Clinical Trial Data
13.1 Nature of Data
Customer acknowledges and agrees that the Platform is designed for clinical trial financial planning and operational analysis — not for clinical data management, electronic data capture (EDC), or patient-level data processing. Data entered into the Platform consists of:
(a) Trial cost estimates and financial projections;
(b) Site and enrollment planning data (aggregate site counts, enrollment targets, visit schedules);
(c) Vendor and contract information;
(d) Scenario analyses and Monte Carlo simulation parameters;
(e) Organizational and departmental budget information.
13.2 Prohibited Data
Customer shall not input into the Platform:
(a) Patient-level data, including names, medical record numbers, dates of birth, or any HIPAA-defined protected health information;
(b) Investigational product formulations, synthesis routes, or proprietary compound data beyond what is necessary for trial identification (e.g., compound name for labeling purposes);
(c) Data subject to export control regulations (ITAR, EAR);
(d) Payment card data (PCI-DSS scope).
13.3 Benchmarking, Industry Insights, and Opt-Out
Customer acknowledges that Company uses Anonymized Data derived from the Platform's user base to:
(a) Create and publish clinical trial cost benchmarks by therapeutic area, phase, geography, and trial design;
(b) Develop enrollment rate benchmarks and site performance metrics;
(c) Build predictive models for trial cost estimation and enrollment forecasting;
(d) Enhance the accuracy and utility of the Platform's AI-powered features for all customers.
Customer acknowledges that these benchmarks and insights benefit all Platform users, as the accuracy and utility of Benchmark-Dependent Features improve with the breadth of the aggregated data pool.
Opt-Out Option. Customer may opt out of contributing to the Anonymized Data pool by submitting a written request to Company. Customers who opt out acknowledge that Benchmark-Dependent Features (as defined in Section 1.12 and listed on the Benchmark Features Page) will be unavailable or materially limited, as those features are powered by the aggregated data pool. Opt-out does not affect Customer's access to any other Platform features or functionality. To opt out, Customer must submit written notice to Company; opt-out takes effect within thirty (30) days of Company's receipt of such notice and applies prospectively to new data only. Upon receiving a valid opt-out request, Company shall configure a tenant-level exclusion within its data anonymization pipeline to prevent Customer's new data from being included in future anonymization processing cycles. Opt-out does not require deletion of Anonymized Data already created prior to the opt-out effective date, as such data has already been irreversibly anonymized and cannot be attributed to Customer.
13.4 Benchmark Publication
When Company publishes benchmarks or industry insights derived from Anonymized Data, Company shall:
(a) Never attribute data or insights to a specific Customer;
(b) Aggregate data from no fewer than ten (10) distinct Customer organizations per published data point, to prevent inferential re-identification;
(c) Use reasonable efforts to ensure published benchmarks are accurate and representative;
(d) Clearly label benchmarks as derived from aggregated platform data.
Appendix A: Data Processing Details
| Data Processor | CaladanAI, Inc. |
|---|---|
| Data Subjects | Customer's employees (Authorized Users) |
| Data Categories | Clinical trial financial data, cost estimates, vendor data, enrollment projections, usage analytics |
| Processing Purpose | Platform service delivery, product improvement, benchmarking |
| Retention (Customer Data) | Duration of Subscription Term + 90-day Retrieval Period |
| Retention (Anonymized Data) | Indefinite |
| Sub-processors | See caladan.ai/legal/sub-processors (updated with 30-day notice) |
| Data Location | United States |
| Encryption | AES-256 at rest, TLS 1.2+ in transit |